[RADIATOR] EAP-Fast/MS-CHAPv2 with Cisco 7921g
LeBlanc, Michael
mleblanc at exchange.ubc.ca
Fri Aug 29 12:44:00 CDT 2008
Hi Hugh,
Thanks very much for taking a look at this. The config file is included
first, followed by a log extract:
CONFIG FILE
===========
# We run under restartWrapper, so must have foreground option set.
Foreground
# Run radius daemon as the following userid and group.
# see local config file for User and Group settings
# Bind only to specified IP address
BindAddress %{GlobalVar:Bind_IP}
# This instance handles authentication only - port 1645 - accounting
# disabled
AuthPort 1645
AcctPort
# Location of log, pid, db, dictionary, etc.
# DbDir is where all hook scripts and dictionaries are stored.
LogDir /local/radiator/%{GlobalVar:Environment}/logs
LogFile %L/%{GlobalVar:Instance}.log
PidFile /var/run/radius/%{GlobalVar:Environment}/%{GlobalVar:Instance}.pid
DbDir /local/radiator/%{GlobalVar:Environment}/db
DictionaryFile %D/dictionary,%D/dictionary.airespace
# Set the default trace level for this instance. Can be changed on the
# fly
# by sending the radius daemon the following signals:
# Increased by one every time a SIGUSR1 is received
# Decreased by one every time a SIGUSR2 is received
#
Trace 4
# TCP socket queue length
SocketQueueLength 1000000
# Ensure usernames contain only the characters in this set.
UsernameCharset a-zA-Z0-9_\.\-@
# Set the umask at startup.
StartupHook sub { umask(0022); }
#==============================================================================
#
# Radius client and shared secret key definitions.
#
#==============================================================================
#------------------------------------------------------------------------------
# Load all of the radius client and shared secret information from the
# radmin database. These are managed via the radmin web tool.
#------------------------------------------------------------------------------
<ClientListSQL>
# Database Connection Information
DBSource %{GlobalVar:radmin_DBSource}
DBUsername %{GlobalVar:radmin_DBUname}
DBAuth %{GlobalVar:radmin_DBAuth}
DisconnectAfterQuery
# Automatically refresh the client list from the db once an hour.
# It's OK to do this now, as since revision 3.11 any failure in
# loading the clients will result in the previous list being used.
RefreshPeriod 1800
# Consider server failed if can't connect after 20 seconds
# Retry connections every 60 seconds
Timeout 20
FailureBackoffTime 60
# The Default GetClientQuery will work with RAdmin Database
</ClientListSQL>
#==============================================================================
#
# Statistics logging and gathering
#
#==============================================================================
#------------------------------------------------------------------------------
# Log radiator statistics to a file once every 10 minutes
#------------------------------------------------------------------------------
<StatsLogFILE>
# Log interval in seconds
Interval 600
# Log file
Filename %L/%{GlobalVar:Instance}.slog
</StatsLogFILE>
#==============================================================================
#
# Handlers
#
# Each request has its request items compared against the check items
# provided with each handler definition. The request is handled by the
# first handler for which a match occurs.
#
#==============================================================================
<Handler>
Identifier WIRELESS-VOICE
<AuthBy FILE>
Identifier EAP-FAST
# Users must be in this file to get anywhere
#EAPType PEAP,TTLS,TLS,MD5,Generic-Token,LEAP,MSCHAP-V2,FAST
# EAPType sets the EAP type(s) that Radiator will honour.
# We are happy to handle EAP-MSCHAPV2 and Generic-Token,
# inside EAP-FAST
EAPType FAST,MSCHAP-V2
Filename %D/users
# Required for all EAP-FAST
AutoMPPEKeys
# EAP-FAST requires a Diffie-Hellman parameters
# file to be precomputed and available
# to the server. Odyssey Client will only accept the 2048 bit
# RFC3526 MODP group
#EAPTLS_DHFile %D/certs/dh1536.pem
EAPTLS_DHFile %D/certs/dh2048.pem
# You can control the maximum lifetime of PACS provisioned by
# Radiator, and also when a PAC must be reprovisioned.
# PACs older than EAPFAST_PAC_Lifetime will not be used. PACS
# with less than EAPFAST_PAC_Reprovision seconds left in their
# lifetime will be reprovisioned
# Times are in seconds. PACS are cached in memory, so
# a restart of Radiator will cause all EAP-FAST PACS to be
# reprovisioned on next authentication. Defaults to 90 days
# and 30 days.
# Some clients (notably Cisco SSC) fall back to certificate
# based authentication under some circumstances, so you will
# also need these TLS certificate details:
EAPTLS_CAFile %D/cacerts/ca.pem
EAPTLS_CertificateFile %D/certs/secure.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certs/secure.key
EAPTLS_PrivateKeyPassword [password]
EAPTLS_MaxFragmentSize 1000
</AuthBy>
</Handler>
LOGS
====
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 157
Authentic: <157><181><26>4<207><135><137><214>4<194>P<227>G<236><5><158>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = 0<246><170><197><234><18><145><172><221><148><230><165><19><134><146>(
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:30 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:30 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:30 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:30 2008: DEBUG: Handling with EAP: code 2, 1, 14, 1
Thu Aug 28 13:26:30 2008: DEBUG: Response type 1
Thu Aug 28 13:26:30 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 157
Authentic: T<138><171><3>*:<140>*<221>P.<232><23><211><143><163>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 158
Authentic: <220>z<30>r<204>_<211><148>_<201>n<250><205><150><14>8
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <129>6r<253>`%U?<129><253><31><208><250><179>3<7>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:30 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:30 2008: DEBUG: Deleting session for anonymous, XXXX, XX
Thu Aug 28 13:26:30 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:30 2008: DEBUG: Handling with EAP: code 2, 2, 102, 43
Thu Aug 28 13:26:30 2008: DEBUG: Response type 43
Thu Aug 28 13:26:30 2008: DEBUG: EAP-FAST received PAC_OPAQUE
Thu Aug 28 13:26:30 2008: DEBUG: EAP-FAST requested PAC not found
Thu Aug 28 13:26:30 2008: DEBUG: EAP-FAST a new PAC will be provisioned
Thu Aug 28 13:26:30 2008: DEBUG: EAP-FAST SSL_accept result: -1, 2, 8576
Thu Aug 28 13:26:30 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 158
Authentic: <10>ho<204><156>V<181>5L<182><236><140>n<201><242>g
Attributes:
EAP-Message = [CERT]
EAP-Message = [CERT]
EAP-Message = [CERT]
EAP-Message = [CERT]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 159
Authentic: <219><199><2><209><247><9><30><239>d<230><234>x<205><200><217>p
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <168><154><225><185>k-<12><29><15>7<168>y2<158><205><179>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:30 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:30 2008: DEBUG: Deleting session for anonymous, XXXX, XX
Thu Aug 28 13:26:30 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:30 2008: DEBUG: Handling with EAP: code 2, 3, 6, 43
Thu Aug 28 13:26:30 2008: DEBUG: Response type 43
Thu Aug 28 13:26:30 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 159
Authentic: <16><140><139><159><18><215><198>v;<199><26><144><213>+z>
Attributes:
EAP-Message = [CERT]
EAP-Message = [CERT]
EAP-Message = [CERT]
EAP-Message = [CERT]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 160
Authentic: <3>=>&]<228><248><248>M<254><237><239><4>sd#
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = S<139>H<220><183><149><251>oj<l<133><4>]<2>i
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:30 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:30 2008: DEBUG: Deleting session for anonymous, XXXX, XX
Thu Aug 28 13:26:30 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:30 2008: DEBUG: Handling with EAP: code 2, 4, 17, 43
Thu Aug 28 13:26:30 2008: DEBUG: Response type 43
Thu Aug 28 13:26:30 2008: DEBUG: EAP-FAST SSL_accept result: 0, 1, 8576
Thu Aug 28 13:26:30 2008: ERR: EAP-FAST TLS Handshake unsuccessful: 28194: 1 - error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
Thu Aug 28 13:26:30 2008: DEBUG: EAP result: 1, EAP-FAST TLS Handshake unsuccessful
Thu Aug 28 13:26:30 2008: DEBUG: AuthBy FILE result: REJECT, EAP-FAST TLS Handshake unsuccessful
Thu Aug 28 13:26:30 2008: INFO: Access rejected for anonymous: EAP-FAST TLS Handshake unsuccessful
Thu Aug 28 13:26:30 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Reject
Identifier: 160
Authentic: <195><250><184><31><158><28><144>U<201>x<231><248><164><188>e<220>
Attributes:
Reply-Message = "Request Denied"
Thu Aug 28 13:26:31 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 161
Authentic: <211><245>$"<144>?!<151>)V<144><215>g<197><144>7
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = B<212><17><230><254><205><129><152><14><183>c<128><139>~h<6>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:31 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:31 2008: DEBUG: Deleting session for anonymous, XXXX, XX
Thu Aug 28 13:26:31 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:31 2008: DEBUG: Handling with EAP: code 2, 1, 14, 1
Thu Aug 28 13:26:31 2008: DEBUG: Response type 1
Thu Aug 28 13:26:31 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:31 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:31 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:31 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 161
Authentic: T<183><20><168>l<145>jU<209><189><183>E<249><145>0<242>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:31 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 162
Authentic: <200><141><30><131><140>%6<252><234><167><169><183><254><5><227>K
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = u<158><208><236>H3.%<224><<210>&<159>,d<137>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:31 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:31 2008: DEBUG: Deleting session for anonymous, XXXX, XX
Thu Aug 28 13:26:31 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:31 2008: DEBUG: Handling with EAP: code 2, 2, 60, 43
Thu Aug 28 13:26:31 2008: DEBUG: Response type 43
Thu Aug 28 13:26:31 2008: DEBUG: Enable Server-Unauthenticated Provisioning mode
Thu Aug 28 13:26:31 2008: DEBUG: EAP-FAST a new PAC will be provisioned
Thu Aug 28 13:26:31 2008: DEBUG: EAP-FAST SSL_accept result: -1, 2, 8576
Thu Aug 28 13:26:31 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:31 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:31 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:31 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 162
Authentic: z<2><216><181><2><31><202>x<22><162>7<152>Y<203>~<22>
Attributes:
EAP-Message = [Message]
EAP-Message = [Message]
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 163
Authentic: @ H<205>6<164>X<193>e<149>o<248><250><8>N<187>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <255>5<227><255><159><6><184>%&<201>Y<186>f<219>p<254>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, XX
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 3, 336, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST SSL_accept result: 1, 0, 3
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 163
Authentic: <128><160><135><240><233>n<189>jh<157>\<195><231>}aa
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 164
Authentic: <248><220><139><21>H<155><140><210><154>#<197><158><211><191><153><164>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <224><193><16>g<143><146><171><166><221>t<162><168>.<180><221><193>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 4, 6, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST Challenge
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP-FAST Challenge
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 164
Authentic: <140><152>3<4><25><132><144><185>\<148>q<208><255>"<217>D
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 165
Authentic: [<232><167><26>~<1><26><241>8<155><159><133><6>D\F
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <233><160>_y[uc6<233><190><146><26>0H<128><223>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 5, 96, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST TLS data: 8009000d0200000d016d6c65626c616e63
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST inner authentication request for anonymous
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <149><224>gFSyl<228><158><216><207><226><208><130>p<162>
Attributes:
EAP-Message = [Message][username]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
NAS-Port = 29
Calling-Station-Id = "XXXX"
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 0, 13, 1
Thu Aug 28 13:26:35 2008: DEBUG: Response type 1
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP MSCHAP-V2 Challenge
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
Thu Aug 28 13:26:35 2008: DEBUG: Returned FAST inner Packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: <149><224>gFSyl<228><158><216><207><226><208><130>p<162>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 165
Authentic: <128>t<167><28><244><0><181><241><10><211><163><194><191><208><191><180>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 166
Authentic: %Q<3><140>ky(:d<8><16>L`}<29><176>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = +<3><253><2><146><141>22<2><144><218>@J<142><29><231>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 1, 144, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST TLS data: 80090043020100431a0201003e31000000000000000000000000000000000000000000000000cbabb79378bc4d09244b2e726b865aa2263266230bc8229b006d6c65626c616e63
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST inner authentication request for anonymous
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <152><168><142>s<202><187>h,<228>qwH<30><143><15>2
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
NAS-Port = 29
Calling-Station-Id = "XXXX"
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 1, 67, 26
Thu Aug 28 13:26:35 2008: DEBUG: Response type 26
Thu Aug 28 13:26:35 2008: DEBUG: Radius::AuthFILE looks for match with [username] [anonymous]
Thu Aug 28 13:26:35 2008: DEBUG: Radius::AuthFILE ACCEPT: : [username] [anonymous]
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge: Success
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP MSCHAP V2 Challenge: Success
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP MSCHAP V2 Challenge: Success
Thu Aug 28 13:26:35 2008: DEBUG: Returned FAST inner Packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: <152><168><142>s<202><187>h,<228>qwH<30><143><15>2
Attributes:
EAP-Message = [Message] M=success
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 166
Authentic: cBf<217><219>b3k<188>Ni<168>O<9><229><244>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 167
Authentic: <130><165><137><240>X<28><247><13>DW<210>_<247><162>h<229>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = fNZ<27><255>}<168><3><135><7><10><161><9>B<208><23>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 2, 80, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST TLS data: 80090006020200061a03
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST inner authentication request for anonymous
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <204><247><234>G<193>|<158><163>z<215>-<157><173><149><20>0
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
NAS-Port = 29
Calling-Station-Id = "XXXX"
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 2, 6, 26
Thu Aug 28 13:26:35 2008: DEBUG: Response type 26
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 0,
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: ACCEPT,
Thu Aug 28 13:26:35 2008: DEBUG: Access accepted for anonymous
Thu Aug 28 13:26:35 2008: DEBUG: Returned FAST inner Packet dump:
Code: Access-Accept
Identifier: UNDEF
Authentic: <204><247><234>G<193>|<158><163>z<215>-<157><173><149><20>0
Attributes:
MS-MPPE-Send-Key = uw<165><254><143>0B<132><180>%<20><20>F`<17><167>
MS-MPPE-Recv-Key = <26><141><247>'K<221>I<210><154>1<15>{w+<205><128>
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 167
Authentic: 7<208><184>J<163><134>#rV"<151><222><181>k<206><135>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 168
Authentic: <4><148><228><20><132><183><147><1><192>8q<198><192><246><133><149>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = $<183><154><248>K5OR|<253>><226>!xz<128>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 3, 144, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST TLS data: 800a00020001800c003800010101bd8093bb95854ebc57a553f3abc41c7182dc732a8f47425b5ca2c7a6c27704d362a335658194d9f1fa0a580b3b3a1de8f76b3850
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST Provisioning a new PAC
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 3, EAP-FAST PAC Provision
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST PAC Provision
Thu Aug 28 13:26:35 2008: DEBUG: Access challenged for anonymous: EAP-FAST PAC Provision
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 168
Authentic: <170><<251>6&,r-<164>H<163>?<213>E<190>`
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 169
Authentic: `G<13><22><252><226><149><240><12><187>K<10>e<217><18><193>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <163><229>P'<140>v<175><250>F<162><10><2>A<255>C-
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:35 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:35 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:35 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:35 2008: DEBUG: Handling with EAP: code 2, 4, 96, 43
Thu Aug 28 13:26:35 2008: DEBUG: Response type 43
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST TLS data: 800300020001800b0006000800020001
Thu Aug 28 13:26:35 2008: DEBUG: EAP-FAST PAC ACK 1
Thu Aug 28 13:26:35 2008: DEBUG: EAP result: 1, EAP-FAST end of Server-Unauthenticated Provisioning mode
Thu Aug 28 13:26:35 2008: DEBUG: AuthBy FILE result: REJECT, EAP-FAST end of Server-Unauthenticated Provisioning mode
Thu Aug 28 13:26:35 2008: INFO: Access rejected for anonymous: EAP-FAST end of Server-Unauthenticated Provisioning mode
Thu Aug 28 13:26:35 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Reject
Identifier: 169
Authentic: <183><226><180>|<211><244><170><228><217>6<173>~<168><166><138><249>
Attributes:
EAP-Message = [Message]
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 170
Authentic: <186><2><212><150><159>L<25><223>un<22><249><133>F<25><218>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator = <205>Q^6s)<135><203><169><147><17>[<241>~Rs
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX, 29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE: EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 1, 14, 1
Thu Aug 28 13:26:37 2008: DEBUG: Response type 1
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Access challenged for anonymous:
EAP-FAST Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 170
Authentic: <193>q[5<22>Kk<208><221>^<2><212><31>9D<222>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 171
Authentic: <3><30>j<160><19>RfRn<137><250><172><198>^<237><250>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator =
<190><137><131><<216><136><144>B2<159>+W<236><145>8<234>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 2, 102, 43
Thu Aug 28 13:26:37 2008: DEBUG: Response type 43
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST received PAC_OPAQUE
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST requested PAC found
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST SSL_accept result: -1, 2, 8640
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Access challenged for anonymous:
EAP-FAST Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 171
Authentic: r<138><138>-L<147><238>&FeG<128><235><236><231><21>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 172
Authentic: kj<12><7><185><149><143>J<246>&x<18>#<30><190><176>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator =
<199><1><159><239>@3l<166>7<15>)<139><187><229><245><8>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 3, 57, 43
Thu Aug 28 13:26:37 2008: DEBUG: Response type 43
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST SSL_accept result: 1, 0, 3
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Access challenged for anonymous:
EAP-FAST Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 172
Authentic: <209>f<217><141><218>oJg,t<226><247>F<250>s<171>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 173
Authentic:
jf<149><29><13><228><153><159><163>N<251><231><215>A<223><155>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator =
U_<192><221><212><205><240><201><19><143>1J<218><235>O<127>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 4, 48, 43
Thu Aug 28 13:26:37 2008: DEBUG: Response type 43
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST TLS data:
8009000d0200000d016d6c65626c616e63
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST inner authentication request
for anonymous
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: 2<17><244>m<202>.<225>;<245><25><19>%,<25><219>Y
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
NAS-Port = 29
Calling-Station-Id = "XXXX"
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 0, 13, 1
Thu Aug 28 13:26:37 2008: DEBUG: Response type 1
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
MSCHAP-V2 Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Access challenged for anonymous: EAP
MSCHAP-V2 Challenge
Thu Aug 28 13:26:37 2008: DEBUG: Returned FAST inner Packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: 2<17><244>m<202>.<225>;<245><25><19>%,<25><219>Y
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 3, EAP-FAST inner
authentication redespatched to a Handler
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
inner authentication redespatched to a Handler
Thu Aug 28 13:26:37 2008: DEBUG: Access challenged for anonymous:
EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 173
Authentic:
<215><10><237><142>/r<168><242><140><8><20><27><127>s<166><190>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 174
Authentic: ^<153>'<175><239>Q <240><175><6>rB<180><249>)<244>
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator =
<163><133><246><26><152><162><222><221><6><198>F'<132><0>v<156>
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 1, 41, 43
Thu Aug 28 13:26:37 2008: DEBUG: Response type 43
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST TLS data: 80090006020100060306
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST inner authentication request
for anonymous
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <200>*<156>b)$<206><200>'1K?8<25><249><157>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
NAS-Port = 29
Calling-Station-Id = "XXXX"
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 1, 6, 3
Thu Aug 28 13:26:37 2008: DEBUG: Response type 3
Thu Aug 28 13:26:37 2008: INFO: EAP Nak desires type 6
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 1, Desired EAP type 6 not
permitted
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: REJECT, Desired EAP
type 6 not permitted
Thu Aug 28 13:26:37 2008: INFO: Access rejected for anonymous: Desired
EAP type 6 not permitted
Thu Aug 28 13:26:37 2008: DEBUG: Returned FAST inner Packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: <200>*<156>b)$<206><200>'1K?8<25><249><157>
Attributes:
Reply-Message = "Request Denied"
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 3, EAP-FAST inner
authentication redespatched to a Handler
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
inner authentication redespatched to a Handler
Thu Aug 28 13:26:37 2008: DEBUG: Access challenged for anonymous:
EAP-FAST inner authentication redespatched to a Handler
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Challenge
Identifier: 174
Authentic: X0<132><158><163><215><200><212><227>a<168>sWw<210><26>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Received from XXXX port XXXX ....
Code: Access-Request
Identifier: 175
Authentic: <17><18>1<146><155><207><200>2D?<230><22><239>P<244>l
Attributes:
User-Name = "anonymous"
Calling-Station-Id = "XXXX"
Called-Station-Id = "XXXX:ssid"
NAS-Port = 29
NAS-IP-Address = XXXX
NAS-Identifier = "XXXX"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = [Message]
Message-Authenticator =
2<223>k<214>O<246>a<200><178><31><248>Y%<153>t&
X-Stripped-User-Name = anonymous
X-Stripped-User-Role = default
X-Stripped-User-Realm = default
Thu Aug 28 13:26:37 2008: DEBUG: Handling request with Handler ''
Thu Aug 28 13:26:37 2008: DEBUG: Deleting session for anonymous, XXXX,
29
Thu Aug 28 13:26:37 2008: DEBUG: Handling with Radius::AuthFILE:
EAP-FAST
Thu Aug 28 13:26:37 2008: DEBUG: Handling with EAP: code 2, 2, 37, 43
Thu Aug 28 13:26:37 2008: DEBUG: Response type 43
Thu Aug 28 13:26:37 2008: DEBUG: EAP-FAST TLS data: 800300020002
Thu Aug 28 13:26:37 2008: ERR: EAP-FAST peer RESULT failure
Thu Aug 28 13:26:37 2008: DEBUG: EAP result: 1, EAP-FAST peer RESULT
failure
Thu Aug 28 13:26:37 2008: DEBUG: AuthBy FILE result: REJECT, EAP-FAST
peer RESULT failure
Thu Aug 28 13:26:37 2008: INFO: Access rejected for anonymous: EAP-FAST
peer RESULT failure
Thu Aug 28 13:26:37 2008: DEBUG: Packet dump:
*** Sending to XXXX port XXXX ....
Code: Access-Reject
Identifier: 175
Authentic: <216>~<200>V<127><159><232>R22<230><179>G<157>w<18>
Attributes:
EAP-Message = [Message]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, August 27, 2008 11:47 PM
To: LeBlanc, Michael
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] EAP-Fast/MS-CHAPv2 with Cisco 7921g
Hello Michael -
Could we see your Radiator configuration file and a more complete
trace 4 debug?
thanks and regards
Hugh
On 28 Aug 2008, at 07:51, Michael LeBlanc wrote:
> Hi,
>
> I've been working on getting a Cisco 7921g wifi IP phone to use
> EAP-Fast/MS-CHAPv2 with Radiator, with no luck so far. I was
> wondering if
> anyone has had success with this configuration.
>
> I've tried Radiator 3.17.1 and 4.3.1, and in both cases, the phone
> seems to
> reject the MS-CHAPv2 challenge in the inner tunnel and requests
> Generic-Token (the log entry is below).
>
> I've been able to get EAP-Fast working with Generic-Token on the
> 7921g, and
> wpa_supplicant works well with EAP-Fast/MS-CHAPv2 -- so I don't
> think it's a
> Radiator configuration issue.
>
> According to the vendor, the 7921g supports MS-CHAPv2 within the
> EAP-Fast
> tunnel.
>
> I'd very much appreciate any thoughts.
>
> Tue Aug 26 14:31:07 2008: DEBUG: EAP-FAST Tunnelled request Packet
> dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <12><24><212><162><129><187>1%
> <220><169>#<147><253>M<12><250>
> Attributes:
> EAP-Message = <2><0><0><13><1>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = XXXX
> NAS-Identifier = "XXXX"
> NAS-Port = 29
> Calling-Station-Id = "XXXX"
>
> Tue Aug 26 14:31:07 2008: DEBUG: Handling request with Handler ''
> Tue Aug 26 14:31:07 2008: DEBUG: Deleting session for anonymous, XXXX
> Tue Aug 26 14:31:07 2008: DEBUG: Handling with Radius::AuthFILE:
> EAP-FAST
> Tue Aug 26 14:31:07 2008: DEBUG: Handling with EAP: code 2, 0, 13
> Tue Aug 26 14:31:07 2008: DEBUG: Response type 1
> Tue Aug 26 14:31:07 2008: DEBUG: EAP result: 3, EAP MSCHAP-V2
> Challenge
> Tue Aug 26 14:31:07 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> MSCHAP-V2 Challenge
> Tue Aug 26 14:31:07 2008: DEBUG: Access challenged for anonymous: EAP
> MSCHAP-V2 Challenge
> Tue Aug 26 14:31:07 2008: DEBUG: Returned FAST inner Packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic: <12><24><212><162><129><187>1%
> <220><169>#<147><253>M<12><250>
> Attributes:
> EAP-Message =
> <1><1><0>.<26><1><1><0>)<16>3<239><161>C<204><234>j\<19>~<
> 155>&(q<28>FXXXX
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Aug 26 14:31:07 2008: DEBUG: EAP result: 3, EAP-FAST inner
> authentication redespatched to a Handler
> Tue Aug 26 14:31:07 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-
> FAST
> inner authentication redespatched to a Handler
> Tue Aug 26 14:31:07 2008: DEBUG: Access challenged for anonymous:
> EAP-FAST
> inner authentication redespatched to a Handler
> Tue Aug 26 14:31:07 2008: DEBUG: Packet dump:
>
> *** Sending to XXXX port XXXX ....
> Code: Access-Challenge
> Identifier: 140
> Authentic: O<8><142><182>f<129>s<168><27><200><159><14>H<6><127>O
> Attributes:
> EAP-Message =
> <1><1><0>U+<129><0><0><0>K<23><3><1><0>Fd<138>dT<219>=<156
>> <168>q<250><142><159>m1<206><154>,<240><231><177>%
>> 1<155><207><142><215><26>}<13
> 1><215><224><13>c<240><149>0<4>TeSm<26><4>*<212><192><248>&<169><207>W
> <156><
> 8><204><139>n:<160><146><171>m<181><150><202><154><219><242><174>"
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Aug 26 14:31:07 2008: DEBUG: Packet dump:
> *** Received from XXXX port XXXX ....
> Code: Access-Request
> Identifier: 141
> Authentic: OB<130>JX<236><237><167><226><255> <7><158><167><167>5
> Attributes:
> User-Name = "anonymous"
> Calling-Station-Id = "XXXX"
> Called-Station-Id = "XXXX"
> NAS-Port = 29
> NAS-IP-Address = XXXX
> NAS-Identifier = "XXXX"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message =
> <2><1><0>)+<1><23><3><1><0><30>&<177><226><18><11>j<198>GA
> ^<250>g<11><253><224><235><230><177>.-
> @<140><181><192><130><194><212>n<22>%
> Message-Authenticator =
> @<197>Z*)<227><211><22><232>p<9><217><21><223>I<
> 136>
>
> Tue Aug 26 14:31:07 2008: DEBUG: Handling request with Handler ''
> Tue Aug 26 14:31:07 2008: DEBUG: Deleting session for anonymous, XXXX
> Tue Aug 26 14:31:07 2008: DEBUG: Handling with Radius::AuthFILE:
> EAP-FAST
> Tue Aug 26 14:31:07 2008: DEBUG: Handling with EAP: code 2, 1, 41
> Tue Aug 26 14:31:07 2008: DEBUG: Response type 43
> Tue Aug 26 14:31:07 2008: DEBUG: EAP-FAST TLS data:
> 80090006020100060306
> Tue Aug 26 14:31:07 2008: DEBUG: EAP-FAST inner authentication
> request for
> anonymous
> Tue Aug 26 14:31:07 2008: DEBUG: EAP-FAST Tunnelled request Packet
> dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: {<203>|3<209><211><5><230><211><10><192><182><147><157>PM
> Attributes:
> EAP-Message = <2><1><0><6><3><6>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = XXXXX
> NAS-Identifier = "XXXXX"
> NAS-Port = 29
> Calling-Station-Id = " XXXXX"
>
> Tue Aug 26 14:31:07 2008: DEBUG: Handling request with Handler ''
> Tue Aug 26 14:31:07 2008: DEBUG: Deleting session for anonymous,
> 137.82.32.251,
> 29
> Tue Aug 26 14:31:07 2008: DEBUG: Handling with Radius::AuthFILE:
> EAP-FAST
> Tue Aug 26 14:31:07 2008: DEBUG: Handling with EAP: code 2, 1, 6
> Tue Aug 26 14:31:07 2008: DEBUG: Response type 3
> Tue Aug 26 14:31:07 2008: INFO: EAP Nak desires type 6
> Tue Aug 26 14:31:07 2008: DEBUG: EAP result: 1, Desired EAP type 6 not
> permitted
> Tue Aug 26 14:31:07 2008: DEBUG: AuthBy FILE result: REJECT,
> Desired EAP
> type 6
> not permitted
> Tue Aug 26 14:31:07 2008: INFO: Access rejected for anonymous:
> Desired EAP
> type
> 6 not permitted
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
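
The `EAP-FAST TLS data:` hex strings in the trace above are EAP-FAST TLVs (a mandatory bit, a 14-bit type, a 16-bit length, then the value), and decoding them shows what the phone sent inside the tunnel. The decoder below is an added example, not part of the original messages or of Radiator; its function names are hypothetical, and its input is the four hex strings copied from the trace.

```python
import struct

# The four "EAP-FAST TLS data" hex strings copied from the trace above.
TRACE_TLS_DATA = ["800300020001800b0006000800020001", "8009000d0200000d016d6c65626c616e63",
                  "80090006020100060306", "800300020002"]
TLV_NAMES = {3: "Result", 9: "EAP-Payload", 11: "PAC"}
PAC_ATTRS = {8: "PAC-Acknowledgement"}
RESULT = {1: "Success", 2: "Failure"}
EAP_CODES = {1: "Request", 2: "Response"}
EAP_TYPES = {1: "Identity", 3: "Nak", 6: "GTC", 26: "MSCHAP-V2", 43: "EAP-FAST"}

def parse_tlvs(data):
    """Split a buffer into (mandatory, type, value) tuples; reject bad lengths."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated TLV header")
        flags_type, length = struct.unpack_from("!HH", data, off)
        value = data[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past end of buffer")
        out.append((bool(flags_type & 0x8000), flags_type & 0x3FFF, value))
        off += 4 + length
    return out

def describe_eap(pkt):
    """Summarise the EAP packet carried inside an EAP-Payload TLV."""
    if len(pkt) < 4 or not 4 <= struct.unpack_from("!H", pkt, 2)[0] <= len(pkt):
        raise ValueError("bad EAP header")
    code, ident, length = struct.unpack_from("!BBH", pkt)
    text = f"EAP {EAP_CODES.get(code, code)} id={ident}"
    if length > 4:
        etype, body = pkt[4], pkt[5:length]
        text += f" type={EAP_TYPES.get(etype, etype)}"
        if etype == 1:    # Identity: body is the inner user name
            text += f" identity={body.decode('ascii', 'replace')}"
        elif etype == 3:  # Nak: body lists the EAP types the peer wants instead
            text += " desires=" + ",".join(str(EAP_TYPES.get(t, t)) for t in body)
    return text

def describe(hexdata):
    """Return one line of text per top-level TLV in a logged hex string."""
    lines = []
    for mandatory, tlv_type, value in parse_tlvs(bytes.fromhex(hexdata)):
        if tlv_type == 3 and len(value) == 2:
            detail = RESULT.get(int.from_bytes(value, "big"), value.hex())
        elif tlv_type == 9:
            detail = describe_eap(value)
        elif tlv_type == 11:  # PAC TLV nests type/length/value attributes
            detail = "; ".join(f"{PAC_ATTRS.get(t, t)}={v.hex()}"
                               for _, t, v in parse_tlvs(value))
        else:
            detail = value.hex()
        name = TLV_NAMES.get(tlv_type, f"type {tlv_type}")
        lines.append(f"{name} TLV{' (mandatory)' if mandatory else ''}: {detail}")
    return lines
```

Read in order, the four strings match the log messages around them: provisioning ends with Result Success and a PAC acknowledgement, the inner identity is sent, the MSCHAP-V2 challenge is answered with a Nak desiring type 6, and the phone then returns Result Failure. The second string also shows that a trace 4 log records the inner identity even though the outer User-Name is "anonymous".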